Tuesday, October 30, 2007

Six Must-Have Technologies to Manage Mobile Devices

1. SprintSecure Laptop Guardian
This combo device was launched last week at Interop New York 2007 in partnership between Alcatel-Lucent and Sprint. In terms of enterprise manageability, the SprintSecure Laptop Guardian is extremely robust, although it’s also a little bulky and cumbersome (see photo on the right). At the core, it is a beefed up PCMCIA card that connects to the Sprint Mobile Broadband network. However, it also contains its own CPU, its own 100-hour battery, and its own flash storage. As a result, the card continues to run even when the laptop is turned off. It also functions as a smart card for two-factor authentication, so if a user removes the card the laptop is unusable since the user can no longer log in.

The Laptop Guardian gives IT the kind of manageability that it normally only gets for desktops and laptops connected to the corporate LAN. Over the air, and regardless of whether the laptop is powered on or off, IT can get complete status updates of the OS, apps, usage, and policy enforcement. IT can also push software updates, change policies, do a remote wipe, and/or remotely lock down the data on the machine. The card even includes GPS so that IT can pinpoint the location of the laptop at any time, which can be especially useful if it is stolen.

The things to keep in mind about this product are that it works only with Sprint Mobile Broadband and that it imposes a very stringent set of security and manageability principles on the user, which could be a significant cultural change for some road warriors. Of course, the increased manageability also means that IT can provide better and faster support to the laptop when issues arise. The product also includes a transparent VPN client, so there is no software for the end user to run and the laptop is always connected to the corporate WAN. See the online demo of SprintSecure Laptop Guardian for more.

2. Microsoft Mobile Device Manager 2008
Last week at the CTIA fall conference in San Francisco, Microsoft announced the Mobile Device Manager 2008 for the Microsoft System Center. The idea here is to give IT better manageability over its growing fleet of smartphones and to give smartphone users better and more secure access to corporate data and line-of-business applications.

The product won’t be released until the first half of 2008, but some of the prominent features will include:

  • Full device encryption
  • Ability to join Active Directory domains
  • Over-the-air (OTA) software deployment
  • Mobile VPN
  • OTA provisioning
  • OTA device wipe
  • OTA disabling of camera, Bluetooth, WLAN, and more
  • Application allow and deny

Microsoft is “trying to turn the smartphone into more of a laptop-like device that can be fully managed and centrally controlled and secured,” said Rob Enderle, principal analyst of the Enderle Group. “This makes the mobile phone more of a corporate asset than a security liability.”

3. BlackBerry Enterprise Server
The primary competitor to Mobile Device Manager 2008 is BlackBerry Enterprise Server. Actually, it’s the other way around: BES is an established product that already has much of the functionality that Mobile Device Manager 2008 is still developing. The difference, of course, is that BES manages BlackBerry smartphones while Microsoft Mobile Device Manager will handle smartphones based on Windows Mobile.

However, on the back-end, BES servers can integrate with Microsoft Exchange, Lotus Domino, or Novell GroupWise, while Mobile Device Manager 2008 is tethered to Exchange. For those that are jumping on the Microsoft bandwagon for unified communications (UC), BES can also integrate with Office Communicator and Live Communications Server (and its successor Office Communications Server).

BES provides end-to-end encryption of data, OTA security policies, role-based and group-based administration and deployment, and a centralized management console for BlackBerry devices. While BlackBerry is best known for its mobile e-mail capability, with its Mobile Data System (MDS) applications BES can also serve as a mobile platform for wirelessly extending business applications. Many of the applications can even be deployed over the air. The graph above shows a diagram of MDS in action.


4. Network Access Control
Network Access Control (NAC) is not a product but a security framework for dealing with mobile laptops that connect only intermittently to the corporate WAN and therefore often have out-of-date patches, unauthorized software, and/or spyware and malware. When these laptops reconnect to the corporate LAN or WAN they can introduce malware to the network. That’s where NAC comes in. NAC checks a machine against a standard policy before allowing it to join the network. If the machine doesn’t meet the network’s security requirements it is put into quarantine and either updated automatically until it meets the minimum requirements or given reduced privileges and access until an IT administrator can deal with it.
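The admission decision just described, as an added example that is not any vendor's NAC code: a laptop submits a posture report, the report is checked against a policy, and the verdict ("allow", "remediate", or "quarantine") is what a switch or VPN gateway would turn into a VLAN assignment or firewall rule set. The report fields, thresholds, forbidden-process list and the three sample laptops are all assumptions constructed for the example.

```python
# Added example (not any vendor's NAC implementation): a minimal admission
# decision of the kind the text describes. Field names, thresholds and the
# sample reports are assumptions chosen to mirror the checks in the text.
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, FrozenSet, List, Tuple


@dataclass
class Posture:
    host: str
    os_patch_date: date          # date the last OS update was applied
    av_enabled: bool
    av_signature_date: date      # date of the installed antivirus signature set
    running_processes: List[str] = field(default_factory=list)


@dataclass
class Policy:
    max_patch_age_days: int = 30
    max_av_sig_age_days: int = 7
    forbidden_processes: FrozenSet[str] = frozenset({"kazaa.exe", "limewire.exe"})


def evaluate(report: Posture, policy: Policy, today: date) -> Tuple[str, List[str]]:
    """Return (verdict, findings).  Verdicts: 'allow' (full access),
    'remediate' (update VLAN: patched automatically, then re-checked),
    'quarantine' (reduced access until an administrator deals with it)."""
    findings: List[str] = []
    fixable = True   # stays True only while every finding can be auto-remediated

    patch_age = (today - report.os_patch_date).days
    if patch_age > policy.max_patch_age_days:
        findings.append(f"OS patches are {patch_age} days old")

    if not report.av_enabled:
        findings.append("antivirus is disabled")
        fixable = False          # needs a person, not an update server
    else:
        sig_age = (today - report.av_signature_date).days
        if sig_age > policy.max_av_sig_age_days:
            findings.append(f"antivirus signatures are {sig_age} days old")

    unauthorized = sorted({p.lower() for p in report.running_processes}
                          & policy.forbidden_processes)
    if unauthorized:
        findings.append("unauthorized software: " + ", ".join(unauthorized))
        fixable = False

    if not findings:
        return "allow", findings
    return ("remediate" if fixable else "quarantine"), findings


# Constructed sample reports for three laptops reconnecting on 30 Oct 2007.
TODAY = date(2007, 10, 30)
SAMPLE_REPORTS = [
    Posture("lt-alice", date(2007, 10, 20), True, date(2007, 10, 29), ["outlook.exe"]),
    Posture("lt-bob", date(2007, 8, 1), True, date(2007, 10, 29), ["outlook.exe"]),
    Posture("lt-carol", date(2007, 10, 25), False, date(2007, 10, 1), ["LimeWire.exe"]),
]


def admission_plan(reports=SAMPLE_REPORTS, policy=Policy(), today=TODAY) -> Dict[str, str]:
    """Map each host to its verdict; the enforcement point would translate
    this into a VLAN assignment or firewall rule set."""
    return {r.host: evaluate(r, policy, today)[0] for r in reports}


if __name__ == "__main__":
    for r in SAMPLE_REPORTS:
        verdict, why = evaluate(r, Policy(), TODAY)
        print(f"{r.host}: {verdict}" + (f" ({'; '.join(why)})" if why else ""))
```

The split between "remediate" and "quarantine" is the design choice worth noticing: stale patches or signatures are fixable by an update server without a human, while disabled antivirus or peer-to-peer software means the machine should not get automatic remediation and full access afterwards.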

This technology should really be at the top of this list; however, since its broad launch by multiple vendors in 2006 it has received only tepid interest from IT departments. The lack of interest is due in large part to the lack of standardization in the industry. Cisco has its own version called Network Admission Control. Microsoft has its version called Network Access Protection. There’s also the Trusted Network Connect (TNC) specification, an open standard for NAC published by the Trusted Computing Group. Then you also have vendors such as LANDesk, Juniper, and Symantec that have their own NAC products or integrate NAC-like functionality into existing products. While multiple vendors have worked on interoperability, the real momentum for NAC isn’t likely to begin until there is an industry standard. Nevertheless, it’s worth considering as a tool to help manage mobile users.

5. Riverbed WAN acceleration
One of the hottest products in the enterprise mobility market has nothing to do with smartphones or laptops - although it can be a huge asset to both of them. The product is the Riverbed Steelhead appliance for accelerating data transfers and application performance over the WAN, and it has grown from a handful of deployments back in 2004 to 10,000 unit deployments in 2007.

Using its own Riverbed Optimization System (RiOS), the Linux-based Steelhead appliances work as transparent caching devices that allow enterprises to avoid transferring the same data over and over again. Instead, only the latest changes to the data are sent over the WAN, and the result is LAN-like transfer speeds over the WAN. The graph below shows the multiples of acceleration that Riverbed says its customers can expect.

Now, in addition to the standard WAN product (aimed mostly at branch office acceleration), Riverbed also offers Steelhead Mobile, which can be installed on laptops and provide direct acceleration for mobile users.

One of the strengths of the Steelhead products is that companies don’t have to rip out a bunch of equipment and replace it. They typically just drop in the Riverbed appliances between their routers and switches, and install the mobile client software on the laptops where they want accelerated performance. Cisco and Juniper are hot on Riverbed’s heels in the WAN acceleration market, but neither of the two networking giants nor the rest of the networking industry has been able to catch Riverbed yet.

6. Verizon Wireless Field Force Manager
Using a combination of GPS, a Web-based application, and a mobile handset application, Field Force Manager from Verizon Wireless provides businesses with a system to track and dispatch remote and mobile workers. The software includes rich GPS mapping, job scheduling and dispatch, driving directions for employees, fleet maps, location directory, electronic timecards, worker status indicators, data capture and collection, and exception alerts.

Clearly, this solution is applicable to a specific set of organizations that have mobile workers out in the field as part of their core business, and is aimed at solving the challenges associated with that business scenario. Specifically, the goals are to increase response time to customer inquiries, reduce paperwork and phone calls, and increase worker productivity and efficiency.

This type of system would typically be very expensive to purchase and deploy. However, Verizon offers it as an end-to-end service with three tiers of functionality and businesses pay per handset. For more, check out the online demo of Field Force Manager.


Friday, October 26, 2007

World’s Thinnest Mouse

Slim G4 is the world's slimmest mouse

Thursday, October 25, 2007

Top 10 Car Keys

Friday, October 19, 2007

Enlightenment - An easy-to-use Linux GUI

In the 10 years I've been using Linux, I've run the gamut of window managers and desktop environments: FvWM, FvWM95, ICEWM, AfterStep, BlackBox, KDE, GNOME, Beryl, Fluxbox, CDE, XFCE, Windowmaker, Sawfish, Metacity, WM2, as well as Compiz. But it seems that no matter how many times I try another Linux GUI, I always go back to Enlightenment. It is one of the few PC GUIs that actually makes complete sense. It's lightweight, flexible, and reliable. It does its job well and doesn't try to do things it shouldn't. And it can look really, really good.

Before we discuss Enlightenment, let's break apart the Window Manager/Desktop Environment issue: which does what; what are they; why do we need them?


X Windows and the Window Manager

On top of the base Linux system, you have the X Window System. X is a portable, network-transparent windowing system that, by itself, can't do much. If you were to start the X Window System alone (with the command X), you would see a plain gray screen with a big X cursor. That cursor can move around, but that's it; you can't click anything or open anything. But X is critical: it is the underlying framework that allows the Window Manager to do its thing.

The Window Manager sits on top of X and draws windows, menus, and buttons, etc. The Window Manager is the piece of the puzzle that allows users to interact with their machine.

One of the best aspects of this setup is that the user is not limited to a specific environment. As a Linux user, I can place on top of X any type of Window Manager I desire. If I want something that looks like Microsoft Windows, I might run KDE. If I want to run an environment similar to OS X, I could run (and modify) GNOME. Or, if I want something altogether different, I could opt for any number of choices, and it is one of those other choices to which I am going to introduce you.

Enlightenment: A bit of history

Enlightenment -- sometimes referred to simply as "E" -- was started by Carsten Haitzler (aka Raster). Enlightenment began in 1997 and was originally based on FVWM2. It was soon completely rewritten, and development later split into E16 (DR16, still used as the stable release) and Enlightenment DR17 (the development release). As of 2007, E16 is at the 16.8.9 release, and DR17 itself should eventually reach a stable release. Enlightenment depends heavily on the Imlib library, which has been taken over by the GNOME Foundation.

Why you should use Enlightenment

There are numerous reasons to become an Enlightenment user:

  • You need a GUI on an older machine that is not powerful enough to run the more resource-intensive KDE or GNOME.
  • You want something a little different.
  • You want to control users so they only have access to certain applications (by trimming the menus; keep in mind that this is a convenience, not a security boundary, since anyone with a shell can still launch whatever binaries the file permissions allow).
  • You want a GUI that is stable, fast, and flexible.

Those reasons may not be compelling enough to see IT departments migrating hundreds or thousands of desktops to Enlightenment, but the short list above is reason enough for many people to make the switch from their usual GUI to E.

Installing Enlightenment

There are a number of ways to install Enlightenment. You can search for an RPM that works with your Linux distribution, although this can be difficult and you may not get the latest version of Enlightenment if you do so. Often, RPM builds lag behind the latest versions. If you prefer using RPM, download all the necessary RPM files into one directory, check their signatures with the command rpm -K *.rpm, and then install them (as root) with the command rpm -ivh *.rpm.

You can also go the source route by downloading the following files from the Enlightenment SourceForge Site:

  • e16
  • e16docs
  • e16themes
  • e16utils
  • epplets
  • imlib2-src

You will have to install imlib2 first. Download that tarball (and compare it against the checksum published on the download site, if one is provided), open a console window, and, as an ordinary user rather than root, unpack it with the command tar xvzf imlib2-XXX.tar.gz (where XXX is the release number). Now change into the newly created imlib2 directory and run the following commands, running only the final make install as root:

./configure
make
make install

Once imlib2 is installed, you can start building Enlightenment itself, beginning with the e16 tarball. Unpack it and run the same commands you ran for imlib2 (again, only make install as root). Once you are done with that, do the same for the rest of the downloaded files.

Now what?

If you are starting your X session from a console based log in you will need to create a .xinitrc file with the following contents:

exec e16

With that file saved, you simply have to run the command startx to start up Enlightenment. If you run one of the graphical logins (GDM or KDM) after installation, there should be an entry for the Enlightenment session.

When you first run Enlightenment, you will be greeted by the default desktop, as shown in Figure A.

Figure A

The default Enlightenment desktop.

What you see on the default Enlightenment desktop are three items: the Dragbar, the bar at the top; the Pagers, the squares at the bottom left; and the Iconbox, at the bottom right.

The Drag Bar

The Enlightenment Drag Bar is a tool that helps you navigate between desktops or applications (depending on which mouse button you press). If you have more than one application open, and you press the middle mouse button (usually the mouse wheel), you will see a list of open applications, similar to the ones in Figure B. You can then select which application you want to work with, and that application will have focus.

Figure B

This window is also called the Window List.

If you are familiar with the Linux desktop pager metaphor, then you will certainly appreciate yet another way to move between desktops. Figure C illustrates a right-click on the Drag Bar, which shows the list of desktops available.

Figure C

Simply select the desktop you want and you will be magically transported.

I find the Drag Bar to be mostly redundant; between key-combinations and the Pager system, it is unnecessary. In fact, I almost always disable it first thing to gain the extra screen real estate. We'll discuss disabling this later in configuration.

The Pagers

Located in the bottom left of the screen are the desktop Pagers. These boxes will transport you to which ever desktop you click on (Desktop 1 is the top pager; Desktop 2, the bottom). These pagers will also give you a thumbnail of the applications running.

Of course, there are other ways to zap between desktops. One such way is to scroll the mouse scroll wheel up or down to send you between desktops. We'll discuss the other in a moment.

The Iconbox

The Iconbox is simply a placeholder for when an application is iconified (in Windows-speak, minimized). An iconified window changes from the actual window to a small icon on the desktop. This is a metaphor that has been around since the days of NeXTSTEP. Figure D shows the Iconbox with two iconified applications.

Figure D

The slider at the bottom of the Iconbox is helpful when you have more iconified applications than the Iconbox will show.

The Menus

There are three distinct menus with Enlightenment: The Main Menu, the Application Menu, and the Settings Menu. You can access these menus by pressing a mouse button anywhere on the desktop (as long as that space is unoccupied on the desktop).

The Main Menu, shown in Figure E, includes the Applications menu, but also includes a few system entries (for getting help, logging out, and restarting, etc.), as well as entries for settings. It is basically all of the menus wrapped up into one.

Figure E

There are redundancies in the menu hierarchy.

The Applications Menu, shown in Figure F, strips away all of the settings from the Main Menu and leaves behind applications and session (logging out and restarting) entries.

Figure F

If your system has GNOME or KDE installed, Enlightenment will include their menus in the Application menu listing.

The Settings Menu, shown in Figure G, is just as it would seem: it includes all of the settings required for Enlightenment.

Figure G

There are a large number of settings you can play with in Enlightenment.

Configuring Enlightenment

From within the Settings Menu, select the Enlightenment Settings entry. As seen in Figure H, you can control every aspect of the Enlightenment Window Manager.

Figure H

As you press on a button (left side), a new listing of settings will appear (right side).

Many of the settings will be self-explanatory. Others, if you are familiar with Linux concepts such as Focus, Desks, or Pagers, etc., will also be familiar. Some of the settings, however, are unique to Enlightenment. One such setting is Groups. The Groups setting deals with placing applications together in groups for such configurations as border style (all applications of a group having the same border style) and iconifying (all applications in a group will have their icons grouped together in the Iconbox). Basically, whatever you do to one window in a group, all windows in that group will reflect that same change.

Now, to set a window group, you must access an entirely different menu. From a window's titlebar, press the right mouse button. A new menu will appear that allows you to affect the window of that application.

First, select the Start A Group menu entry. It will appear that nothing has happened, but actually the window you selected this menu entry on will be the base for the group. Suppose you selected the Start A Group entry on a window containing The Gimp. You will then have a group called The Gimp. You can add any window (say, all windows containing applications that deal with graphics) to that group. Once you have a group created, you can then affect the windows (and their behavior) in that group.

That same menu (from right-clicking the title bar) allows you to pull off a few other nifty tricks. The tricks will, of course, be dependent upon the theme you are using. Some themes allow you to set the titlebar to the right or left. This setting makes for a very interesting look. Combine this with transparency (and the right theme) and you'll have something like that shown in Figure I.

Figure I

This is a desktop sure to impress your friends and co-workers.

Menu configuration

One of the few drawbacks to Enlightenment is the configuration of menus. There is no tool for this task. Instead, you have to actually edit a text file. Although this might seem like a throwback, it's actually quite easy to do.

The file you need to edit will be in the user's ~/.e16/menus/ directory and will be called user_apps.menu. The individual entries for the menu look like this:

"Open Office" NULL exec "oowriter"

Breaking this entry down looks like this:

  • "Open Office" is the name that will be listed in the menu.
  • NULL is the graphic entry for the menu (NULL being no graphic).
  • exec tells the system that what follows is the command for the application.
  • "oowriter" is the actual command for the application.

You can have as many entries as you like.
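Since every line in user_apps.menu is a command that Enlightenment will run on a click, it is worth checking what those lines actually launch. The following is an added example, not part of e16: it parses entries of the four-field form described above with shell quoting rules and reports whether each command resolves to an executable and whether that executable is writable by other users (in which case the menu entry can be swapped out from under you). The treatment of blank and "#" comment lines, the sample menu text, and the status names are this example's own assumptions.

```python
# Added example (not part of e16): parse ~/.e16/menus/user_apps.menu entries
# of the form   "Label" ICON exec "command"   and check what each would run.
# Assumptions: blank and '#' lines are ignored; the writability check and
# the sample menu below are constructed for this example.
import os
import shlex
import shutil
import stat
from typing import List, NamedTuple, Optional, Tuple


class MenuEntry(NamedTuple):
    label: str
    icon: Optional[str]    # None when the entry says NULL
    command: str


def parse_menu(text: str) -> List[MenuEntry]:
    """Split each non-empty line with shell quoting rules and validate its shape."""
    entries: List[MenuEntry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        if len(parts) != 4 or parts[2] != "exec":
            raise ValueError(
                f'line {lineno}: expected "Label" ICON exec "command", got {line!r}')
        label, icon, _, command = parts
        entries.append(MenuEntry(label, None if icon == "NULL" else icon, command))
    return entries


def check_command(command: str) -> str:
    """Classify the program a menu entry would launch: 'ok', 'missing', or
    'writable-by-others'.  Anyone who can write the file can replace what
    the menu runs, so a trimmed menu gives no protection in that case."""
    words = shlex.split(command)
    if not words:
        return "missing"
    program = words[0]
    # Bare names are looked up on PATH the same way a shell would do it.
    path = program if os.sep in program else shutil.which(program)
    if path is None or not os.access(path, os.X_OK):
        return "missing"
    if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable-by-others"
    return "ok"


def audit_menu(text: str) -> List[Tuple[str, str, str]]:
    """Return (label, command, status) for every entry in a menu file's text."""
    return [(e.label, e.command, check_command(e.command)) for e in parse_menu(text)]


# Constructed sample menu text; the first line is the entry shown in the text.
SAMPLE_MENU = '''
"Open Office" NULL exec "oowriter"
"Terminal" NULL exec "/bin/sh"
"Editor" "/usr/share/pixmaps/editor.png" exec "no-such-editor-xyz --new"
'''

if __name__ == "__main__":
    for label, command, status in audit_menu(SAMPLE_MENU):
        print(f"{label:12} {status:20} {command}")
```

Run it against your own file with audit_menu(open(os.path.expanduser("~/.e16/menus/user_apps.menu")).read()); a "missing" status usually means a typo in the command, and "writable-by-others" means the program should be reinstalled with sane permissions before it stays in anyone's menu.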

Key combinations

As with all Linux desktops, there are certain key combinations that will allow you to work more efficiently. These key combinations include:

  • [Alt][Ctrl][Home]: Auto arrange all open windows
  • [Alt][Ctrl][Insert]: Launch the Eterm application
  • [Alt][Ctrl][Delete]: Log out of Enlightenment
  • [Alt][Ctrl][Right]: Go to the next desktop
  • [Alt][Ctrl][Left]: Go to the previous desktop
  • [Alt][Shift][Down]: Move desk area down
  • [Alt][Shift][Up]: Move desk area up
  • [Alt][Shift][Left]: Move desk area to the left
  • [Alt][Shift][Right]: Move desk area to the right
  • [Alt][Tab]: Switch between applications
  • [Alt][Ctrl][Up]: Raise active window
  • [Alt][Ctrl][Down]: Lower active window
  • [Alt][Ctrl][X]: Close active window
  • [Alt][Ctrl][K]: Destroy active window
  • [Alt][Ctrl][I]: Iconify active window
  • [Alt][Ctrl][R]: Shade active window

Final thoughts

Enlightenment is one of the finest Window Managers for Linux. Not only is it effective in making your work efficient, it is also full of eye candy you may never have experienced before. You can even pick up some really great themes for Enlightenment (placing them in /usr/share/e16/themes will get you started). Whether it's giving life to an older machine or perking up your rather drab computing experience, Enlightenment will help you get a fun Linux desktop.



Thursday, October 18, 2007

Top 10 Most Brilliant Gadgets of 2007

1. Apple iPhone - Of course, you’ve heard about this phone. But have you used it? The best way to understand why Apple’s iPhone ($400) has sent shockwaves through the cellphone industry is simply to check your voice mail with it. Instead of passwords and audible instructions, the iPhone displays a visual list of voice mails­—which are saved as audio files. Using the bright and responsive touchscreen, you scroll through the list and tap a message. When you’re done with a message, simply slide your finger over it and a delete button pops up. At the top of the phone is a button that locks the screen, so it can go back in your pocket without risking accidental commands. All phones should work so smoothly. Because of the iPhone, they’ll eventually have to.

2. Dow SafeTouch Fiberglass-Free Insulation -
This is a plastic fiber batt insulation from Dow Chemical that has the same R-value as fiberglass without any of the dust and itching problems. You can cut the material with a utility knife—no goggles, work gloves or face mask required. Small pieces can be torn off by hand and stuffed into crevices for insulating narrow, irregular spaces. Like any good batt insulation, it can support its own weight: Placed in a stud bay, it will hold itself in position. The only apparent downside is its cost: It currently runs about 64 cents per square foot for R-13, while fiberglass is 40 cents.



3. Samsung Solid State Drive - Hard-disk drives are the out-of-shape kids in computer gym class. While a PC’s other components (CPU, GPU and RAM) operate at lightning-fast speeds, the drive huffs and puffs and spins as fast as possible to try to keep up. Flash memory is far speedier and, because it has no moving parts, is resistant to mechanical failure. Samsung’s new Solid State Drives (the samples we received were oxymoronically labeled “solid state disks”) are essentially big bundles of flash memory—up to 64GB—that replace traditional hard drives. Laptops using SSDs are lighter, faster and quieter than those with conventional drives. As price comes down and capacities increase, all computers may give up spinning disks for SSDs.

4. Ford Sync - Ford has elegantly and inexpensively leap-frogged the competition when it comes to in-car infotainment systems. Ford’s $395 Sync is essentially a small computer running the Microsoft Auto operating system that wirelessly integrates all of your mobile gadgets. It enables hands-free phone use and has a universal music player that pulls songs from virtually any MP3 player. The voice-recognition control is simply the best we’ve ever tried. So far, the most impressive trick Sync offers is its ability to receive text messages and then read them to you. And Sync’s flexible software platform means it should be easily upgradable in the future. Sync will be available in 12 models by the end of the year and on nearly all Ford vehicles within two years.

5. Zonbu Zonbox - It isn’t the technology that makes the Zonbox revolutionary, it’s the idea. Borrowing a page from the cellphone industry, Zonbu offers its compact Zonbox PC for $99 with a two-year, $15 per month plan, which includes 50GB of online storage and the best tech support policy we’ve seen in years: If the box fails, the Silicon Valley startup will overnight a new one. Since the operating system is Linux-based, with a slew of genuinely useful preloaded applications (open-source clones of popular programs), it’s less vulnerable than Windows to viruses, spyware and unexplained crashes.

6. GM, Chrysler, Mercedes-Benz, BMW Two-Mode Hybrid - Total hybrid sales are projected to be up 35 percent this year. But that’s still only about 345,000 vehicles—a fraction of the 16-plus million vehicles sold overall. GM, BMW and the former DaimlerChrysler joined forces three years ago to develop a scalable hybrid system that brings the fuel-saving technology to the masses of front- and rear-wheel-drive cars (and the trucks) that each manufacturer produces. The fuel savings, over such large volumes of traditionally thirsty vehicles, should be impressive. The system locates two electric motors and four clutches inside the transmission to deliver multiple combinations of gearing and electric propulsion. The first applications in the Chevrolet Tahoe and the GMC Yukon deliver a fuel economy improvement up to 25 percent yet still allow the big SUVs to tow 6000 pounds.

7. Nintendo Wii Fit - The Nintendo Wii is many things—a motion-sensing video-game console, a retail success story, possibly even a cultural touchstone. What it isn’t, despite its players’ controller-waving antics and media hype about gamers finally getting off the couch, is an exercise machine. Until now. The Wii Fit, a soon-to-be-released suite of games that uses a $70 weight- and balance-sensing Balance Board, does everything from analyzing posture to revealing how bad you actually are at yoga. It turns fitness into a game, instead of a chore.


8. Hitachi Power Tools CR13VBY - Reciprocating saws are indispensable in remodeling and demolition and for doing tough jobs like sawing tree roots, but they can be murder to work with for long periods. This $159 saw uses a counterweight mechanism that dampens vibration, reportedly by more than 65 percent. Hitachi calls it User Vibration Protection, and in PM testing, it dramatically reduced operator fatigue—and arguably improved safety. Like many topnotch saws, the Hitachi has two cutting modes: straight-line (for metal) and swing (for wood). Even the swing mode offers dramatic vibration reduction compared to the orbital action found on other saws. Other high-end features: a variable-speed dial and tool-free blade changing.

9. Microsoft Surface - This tabletop computer uses “multitouch” technology to let several users, employing their fingers, manipulate images and other data right on the screen—no keyboard or mouse needed. In that, it’s like two other Breakthrough winners, the Apple iPhone and Jeff Han’s Media Wall. But the Surface recognizes more than mere fingers—it can also sense and interact with objects both digital (cameras, phones) and nondigital (water glasses, paint brushes) placed on top of it. It’s a big step toward a future of pervasive computing, where digital processing power makes everything from tables to walls to floors interactive.



10. LG Super Blu Player - As the hi-def disc-format war rages on, wary HDTV enthusiasts are inclined to wait on the sidelines until the dust has settled. But LG has created a safe haven for early adopters. The Super Blu Player ($1000) plays both HD DVDs and Blu-ray discs, and it upscales regular DVDs to hi-def resolutions. LG will have to drop the Super Blu’s price to stay competitive, but the point has been made: Technology companies created this confusing mess, and it’s their job to clean it up.


Wednesday, October 17, 2007

Top 10 Hacker Movies

Here are the top 10 voted hacker movies of all time. Check out how many of them you have seen...

10. Swordfish (2001)
Over-the-top violence, preposterous situations, sexy women, and outstanding special effects make this a great popcorn rental. No, don't bring your brain to watch this, but if you like techno-thrillers, definitely rent this. John Travolta is the slimy villain, Hugh Jackman is the studly hero hacker, and Halle Berry is the mysterious damsel.


9. The Italian Job (2003)
Modern heist movies always involve some sort of hacking. This particular heist movie is extremely entertaining, especially when the supposed true inventor of "Napster" is the main hacker.
At least 20 minutes of hacking footage in this actioner. Definitely worth renting if you haven't seen it.

8. Foolproof (2003)
A lower-budget movie about hobby bank robbers, this was a delightful surprise to many viewers. Ryan Reynolds and his friends "virtually" rob banks for fun, but are blackmailed into doing a heist for real. This is a good action rental.


7. eXistenZ (1999)
A David Cronenberg film, this is the creepiest entry in the list. A game designer creates an artificial reality game that plugs directly into people's minds. The line between reality and game then blurs in a violent and gruesome way. This is very much a powerful art film, and not for everyone.


6. The Score (2001)
Edward Norton and Robert De Niro are fabulous in this heist flick. In a clever plot to rob a Montreal customs house of some royal artifacts, Norton and De Niro must break into the security systems with the help of a socially-awkward hacker who lives in his mother's basement. Ten minutes of hacking, and 100 minutes of phenomenal robbery storytelling!


5. Sneakers (1992)
While dated, this movie was groundbreaking at the time, and is still charming to this day. The story revolves around two college buddies who take different paths in life. One becomes an ethical hacker, and the other...well, he is not quite so noble. Some great plot twists and comic scenes make this a good way to spend a Saturday afternoon at home.


4. Revolution OS (2001)
This documentary tells the story about the Linux operating system, and how it forwarded the philosophy of "open source" and free intellectual property. Not an action movie, but definitely interesting for people who want to learn more about why computer culture is the way it is. If you can find a copy of this, definitely rent it.


3. Die Hard 4: Live Free or Die Hard (2007)
Leave it to Bruce Willis to save the world from uber hackers. Macintosh advertising personality Justin Long plays the reluctant programmer caught up in a digital terrorism scheme. Like Swordfish, this movie has over-the-top violence and outrageous action sequences, but if you liked the Die Hard series, definitely see this.


2. WarGames (1983)
Yes, this movie is very old, but it is still a pivotal film in many viewers' minds. A young man finds a back door into a military computer that is linked to the nuclear defense grid of the United States. A preposterous plot, but a compelling commentary on nuclear war and the destruction of the human race. You have to see this movie just to say you have seen it.


1. Tron (1982)
A classic! A hacker is transported into the digital universe inside a computer, and must survive combat as a cyber gladiator in order to stop the villainous Master Control. The imagination behind this movie made big ripples in the science fiction world, and today Tron is a cult classic that every computer user should see at least once.


Tuesday, October 16, 2007

Difference Between Different SSL Providers

The Secure Sockets Layer (SSL) protocol was designed by Netscape with the aim of making Internet transactions secure, and it is now used very widely for them. The SSL certificate has become an industry standard all over the world, helping both businesses and their customers transact securely on the Internet. It is fair to say that these certificates have increased the number of online transactions in a very big way.

Verisign, which processes not less than fifteen billion Internet interactions every day, is one of the major players in this area. It also supports more than ninety million phone calls each day. Other major players in the domain of SSL certificates are RapidSSL, GeoTrust, InstantSSL, and XRamp. GeoTrust is the world's second largest digital certificate provider and gives Verisign good competition in this domain.

Verisign has more than 500,000 Web sites and 3,000 enterprises as its clients, which depend quite heavily on Verisign to make their everyday online transactions operate reliably, securely, and efficiently. RapidSSL, another leading SSL provider, gives Verisign stiff competition among Small and Medium Businesses (SMBs). RapidSSL offers strong 128/256-bit encryption to its clients. However, Verisign is also in the process of designing newer products for the SMBs. www.ssl.com offers the products of both Verisign and RapidSSL.

When it comes to 256-bit digital certificates, XRamp offers Verisign stiff competition. XRamp certificates are supported by more than 99.7% of web browsers worldwide, and it was the first Certificate Authority (CA) to offer 256-bit SSL certificates. However, Verisign operates the largest independent SS7 network in the world, which gives it a strong competitive advantage. Leo Grove, the President, strongly believes that Verisign is going to grab more than 70% of the market share in this domain in the coming 3-4 years. For more information on this aspect you can visit www.ssl.com. Feel free to browse through the site and its blogs to learn about all the new advancements in the SSL protocol and certificates.

Verisign, which has been investing quite strongly in research and development in the recent past, is definitely going to remain the market leader for a long time to come, according to industry experts such as Jade Chaney, Vice President of ssl.com, and many others. However, it should be quite careful of the potential competition from other leading players in the industry.


Top 10 Stupidest Joomla! Security Tricks

  1. Go with the cheapest hosting provider you can find, preferably a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites. Don't check the list of recommended hosting providers.
  2. Don't waste time with regular backups. Maybe the hosting provider will help you.
  3. Don't waste time adjusting PHP and Joomla! settings for increased security. Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem.
  4. Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.
  5. Install your brand new beautiful Joomla!-powered site, celebrate a job well done, and don't worry about it again. After all, if you don't make any more changes, what can go wrong? (Hint: A lot)
  6. Do all upgrades and extension installations right there on the live site. Who needs a development and testing server anyway? If an installation fails, you'll just uninstall it again. That will hopefully also undo any damage the installation caused.
  7. Trust all third-party extensions, and install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who know what they are doing.
  8. Don't worry about updating to the latest version of Joomla!. Hey, nothing's gone wrong so far, and if it ain't broke don't fix it! Same plan for the third-party extensions. Too much work anyway.
  9. When your site gets cracked, panic your way on over to the Joomla! Forums and start a new post with a very familiar title: "Help! My Site's Been Hacked!" Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third-party extensions were installed.
  10. Once your site's been cracked, fix the defaced file and then assume all is well. Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming actions. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.


Monday, October 15, 2007

Rundown of the top vendor-independent security certifications

Security certifications are hot. While some IT accreditation paths have cooled, others are attracting attention. In many cases, the accreditations drawing uncommon interest are security-related.

Microsoft offers security-focused versions of its Microsoft Certified Systems Administrator and Microsoft Certified Systems Engineer accreditations, while Cisco offers a security version of its CCIE certification. Still others--including CompTIA, the International Information Systems Security Consortium ((ISC)2), the Global Information Assurance Certification (GIAC) and the Security Certified Program--all offer popular security accreditations.

Here's a rundown of the top vendor-independent security certifications.

CompTIA Security+

Candidates seeking CompTIA Security+ certification need to pass only a single exam (SY0-101). The CompTIA exam, consisting of 100 questions, tests candidates' security expertise in five areas:

  • Security Concepts
  • Communication Security
  • Infrastructure Security
  • Basics of Cryptography
  • Operational/Organizational Security

General security concepts tested include knowledge of authentication protocols, common vulnerabilities and attack strategies, and social engineering risks. Communication security issues candidates must master include remote access security technologies and e-mail security, as well as strategies for hardening wireless networks. Infrastructure topics covered include firewall, router, switch, modem, VPN and telecom security; issues associated with protecting media such as common Ethernet cabling; and intrusion detection strategies.

CompTIA’s Security+ exam also explores cryptography. Candidates must demonstrate knowledge of common cryptographic algorithms, digital signatures, and public key policies.

The Security+ test also covers operational and organization security issues. From protecting backup data to designing effective security policies and implementing effective incident response strategies, candidates must prove a wide range of operational and organizational security expertise.

The Security+ exam is well known. In fact, the certification is so well respected that Microsoft accepts Security+ certification as credit toward its MCSE and MCSA certifications (eliminating the requirement for candidates to pass other exams).

(ISC)2 - SSCP and CISSP

The International Information Systems Security Consortium, known as (ISC)2, maintains what it calls the (ISC)2 CBK. The so-called Common Body of Knowledge tracks best practices for securing information technology. The (ISC)2 awards four certifications: CISSP, SSCP, CAP and Associate of (ISC)2.

The Certification and Accreditation Professional, or CAP, credential is a little different from traditional certifications. The CAP certification measures one’s understanding of the certification process and targets those IT professionals who must determine processes for assessing security vulnerabilities and implement security protections. In addition to testing knowledge of certification’s purpose, CAP candidates must demonstrate knowledge of the certification and accreditation processes and post-certification monitoring.

The Systems Security Certified Practitioner (SSCP) certification targets IT professionals responsible for network or systems security. The SSCP tests a candidate’s knowledge in seven areas: access controls, analysis and monitoring, cryptography, networks and telecommunications, malicious code, risk, response and recovery and security operations and administration.

The CISSP certification is aimed at IT managers seeking executive-level security positions. The CISSP exam tests candidates’ knowledge of (ISC)2’s 10 CBKs: access control, application security, business continuity and disaster recovery planning, cryptography, information security and risk management, legal, regulations, compliance and investigations, operations security, physical security, security architecture and design and telecommunications and network security.

The Associate of (ISC)2 status, meanwhile, targets those IT professionals who possess the expertise required to earn CISSP or SSCP accreditation but don’t boast commensurate years of practical field experience. SSCP candidates are expected to have one year of security field experience, while those sitting for the CISSP credential are expected to possess four years of such practical experience (although a Master's Degree in Information Security from a National Center of Excellence subtracts one year from that requirement). SSCP and CISSP candidates must also pass professional, criminal and background history checks.

GIAC--GISF and GSEC

The Global Information Assurance Certification arm of the SANS Institute exists to confirm real-world information technology skills. The organization maintains some 19 security-focused and job-specific certificates and certifications.

GIAC certifies candidates in five subject areas (including Security Administration) and at several levels (including Silver, Gold and Platinum). The organization offers both certificates and certifications. Certificates typically are based on material covered in a one- or two-day SANS training course and encompass a single exam. Certifications, however, tend to be based on weeklong courses and usually require passing two exams that require renewal every four years.

The entry-level GIAC security accreditation--the GIAC Information Security Fundamentals (GISF)--targets IT managers, security officers and administrators. The exam measures candidates’ understanding of the threats that challenge information resources and tests the ability to identify best security practices.

The next highest GIAC security accreditation is the Security Essentials Certification (GSEC), which targets such technology professionals as hands-on managers, staff new to the field and others. The two exams test security essentials and help ensure individuals possess solid baseline security knowledge.

Additional GIAC security certifications include the Certified Firewall Analyst (which confirms the knowledge, skills and abilities required to design, configure and monitor routers, firewalls and other perimeter devices), the Certified Intrusion Analyst (which gauges one’s knowledge of configuring and monitoring intrusion detection systems), the Certified Incident Handler (which confirms the candidate’s ability to manage incidents and attacks) and the Certified Forensics Analyst (which measures one’s ability to effectively manage formal forensic investigations).

Security Certified Program--SCNP

The Security Certified Network Professional (SCNP) certification is maintained by the Security Certified Program (SCP). SCP develops and maintains its vendor-neutral certifications with the goal of awarding accreditations that measure real-world security skills.

In order to sit for the SCNP exam, candidates must first earn Security Certified Network Specialist (SCNS) standing. SCNS certification requires that an IT professional pass the organization’s Tactical Perimeter Defense (TPD) exam, which tests network defense fundamentals, advanced TCP/IP use, configuring routers and access control lists, firewall and VPN design and configuration, and intrusion detection system administration.

To earn SCNP accreditation, candidates must pass the Strategic Infrastructure Security (SIS) exam. The SIS test measures candidates’ understanding of cryptography, Linux and Windows hardening, ethical hacking, risk analysis, security policies and other facets of Internet security. Recertification is required every two years.

Summary

As with any certification, these security certifications provide baseline measurements of an individual’s knowledge, skills and expertise. IT certifications should not be interpreted as indicating the holder mastered each of the technologies covered, as even veterans boasting years of field experience rarely master every facet of a specific discipline.


Friday, October 12, 2007

Run Internet Explorer on Linux

Most Linux users would be appalled by the idea of attempting to contaminate a Linux installation with any Microsoft product, especially Internet Explorer. However, many Web sites don't render properly using regular Linux browsers, such as Firefox or Konqueror. Other sites either require ActiveX controls or are designed to work only with Internet Explorer. Also, how can you test your new Web design and JavaScript for IE if you're an Apache and Linux maven?

For those who may have the need for Internet Explorer without the need to move to another machine or reboot, there is a solution for you: an extremely useful project aptly named IEs4Linux. In this article, I will describe how to install and begin using multiple versions of Internet Explorer using Wine and IEs4Linux.

What's IEs4Linux?

IEs4Linux is a small shell script that can be run via console on any Linux machine with Wine installed. As the title suggests, it allows you to quickly and easily install that most infamous of Microsoft products: Internet Explorer.

The creator of IEs4Linux is Sérgio Luís Lopes Júnior, a 21 year old Brazilian student and self-proclaimed lover of Linux and OpenSource. Naturally, being open source, IEs4Linux is free. However, as with many people working on open source projects, Sérgio's funding comes from the community; if you found IEs4Linux helpful, you can PayPal him a few dollars to continue development of the project.

IEs4Linux relies on the Wine project to supply an implementation of the Microsoft Windows API. The IEs4Linux script actually downloads the required CAB files directly from the Microsoft site; then, using cabextract, copies the files to a new Wine profile. This way, your existing Wine profiles are not affected, and any other software you have running will be just fine. In addition to installing Internet Explorer versions 5, 5.5, and 6, IEs4Linux also can install Flash 9 for you from Adobe.

IEs4Linux is a GPL product; however, Internet Explorer is a copyrighted product of Microsoft. This means that you will need to be in possession of a valid Windows license version greater than 95, although it will not be asked for during the installation process.

Author's note

For the purposes of this article, I'll assume you're running the latest version of Ubuntu as your Linux distribution. IEs4Linux will work with almost every distribution, but the installation routine varies. This article assumes that you already have Ubuntu Desktop installed and operational.

Depending on how you like to install your software, I have included two sets of instructions, first the graphical (GUI) method and lastly the console (CLI) method.

Installing the required packages

To install all the applications required to enable IEs4Linux to run properly, ensure that you have the Universe repositories enabled. Open the Software Sources configuration screen, which can be found under Toolbar | System | Administration | Software Sources.

Next, you need to select all the repositories except for the CD-ROM/DVD option, which you won't need; the online repositories are kept up-to-date, as shown in Figure A. Press the Close button when you're finished.

Figure A


Selecting the required repositories to install Wine and cabextract.

Now it's time to begin installation of the required packages. Go to Toolbar | System | Administration | Synaptic Package Manager. Once it opens, search for Wine and cabextract. Once you find them, press Apply, as shown in Figure B.

Figure B

Installing Wine and cabextract.

Kickin' it old school with the console

You can also obtain the packages from the console. To begin, open a console by going to Applications | Accessories | Terminal on the toolbar. In the terminal, run the command: sudo apt-get update && sudo apt-get install cabextract wine. The install process begins after you press [Enter]; apt-get downloads and installs all the files and packages for Wine and cabextract for you.

Getting down to business

Now that you have Wine installed with cabextract, it's time to download the IEs4Linux files. You can either go to the IEs4Linux Web site, or return to a console to enter this command to download the latest IEs4Linux build:

wget http://www.tatanka.com.br/ies4linux/downloads/ies4linux-latest.tar.gz

Figure C shows what this looks like.

Figure C

Downloading the IEs4Linux Installer.

After you have downloaded the latest build tarball, cd to the directory where you downloaded it if you did not do so from the console. Next, enter tar xzvf ies4linux-latest.tar.gz in the console to decompress the tarball, then change into the extracted build directory with cd ies4linux-*. Finally, to launch the IEs4Linux script that will begin the installation process, type ./ies4linux.

You will be led through a text-based series of screens that ask you which versions of Internet Explorer you want to install, as shown in Figure D. The first question asked is whether you wish to install versions 5 and 5.5 of Internet Explorer; you can make that decision for yourself. In addition to installing Internet Explorer, IEs4Linux will also install the Flash Player plug-in automatically.

Figure D

Running the IEs4Linux Installer.

After a few minutes, the script will download all of the required files and install them on your computer automatically. Additionally, links to Internet Explorer will be created on your desktop for quick access. The Internet Explorer launch binaries will exist in the newly created bin directory in your home directory. For quick access from the command line, run ~/bin/ie6 to launch Internet Explorer version 6. You'll see IE run, as shown in Figure E.

Figure E

You should now have Internet Explorer running in Linux.

Congratulations; you have successfully installed Internet Explorer versions 5, 5.5, and 6 on your PC. With the assistance of IEs4Linux, it is possible to have Internet Explorer accessible to you as a tool on any Linux system that can run Wine.

Variations in other distributions

The install process for other distributions will be different according to that distro's package system. But the rest is the same after that. For example, in Gentoo, the series of commands would be:

emerge --sync && emerge wine cabextract

For Fedora, the commands to install wine and cabextract are:

yum -y install wine*
yum -y install cabextract

For Mandriva, the directions are:

urpmi wine cabextract

For more distributions and instructions, please visit the IEs4Linux site.
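
The console procedure above and the per-distribution package commands, wrapped in one script as an added example (this is not part of IEs4Linux or the article). It installs the prerequisites with whichever of the listed package managers is on PATH, downloads the tarball, and refuses to unpack or run the installer unless the tarball's SHA-256 matches a digest you obtained out of band, since the download is over plain HTTP and the installer runs as soon as it is unpacked. The EXPECTED_SHA256 value is a placeholder (the project page in the article publishes no digest), and the sudo prefixes assume an Ubuntu-style non-root account.

```shell
#!/bin/sh
# Added example, not part of IEs4Linux or the article: the console procedure
# as one script. Prerequisites come from the article's per-distribution
# commands; the tarball is only extracted and run after its SHA-256 matches.

IES4LINUX_URL="http://www.tatanka.com.br/ies4linux/downloads/ies4linux-latest.tar.gz"
# PLACEHOLDER: replace with the digest of the release you verified out of band.
EXPECTED_SHA256="${EXPECTED_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"

# Print the install command for the first package manager found on PATH
# (the article's commands for Ubuntu, Gentoo, Fedora and Mandriva).
pkg_install_cmd() {
    if command -v apt-get >/dev/null 2>&1; then
        echo "sudo apt-get update && sudo apt-get install -y cabextract wine"
    elif command -v emerge >/dev/null 2>&1; then
        echo "sudo emerge --sync && sudo emerge wine cabextract"
    elif command -v yum >/dev/null 2>&1; then
        echo "sudo yum -y install 'wine*' && sudo yum -y install cabextract"
    elif command -v urpmi >/dev/null 2>&1; then
        echo "sudo urpmi wine cabextract"
    else
        return 1
    fi
}

# Print the SHA-256 hex digest of FILE (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_tarball FILE DIGEST: succeed only when FILE hashes to DIGEST.
verify_tarball() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# Print each required tool that is not on PATH; prints nothing when all are present.
missing_deps() {
    for tool in wine cabextract wget tar; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# install_ies4linux [DIR]: run the whole procedure in DIR (default: $HOME).
install_ies4linux() {
    cd "${1:-$HOME}" || return 1
    if [ -n "$(missing_deps)" ]; then
        cmd=$(pkg_install_cmd) || { echo "unknown distribution: install wine and cabextract by hand" >&2; return 1; }
        sh -c "$cmd" || return 1
    fi
    wget -O ies4linux-latest.tar.gz "$IES4LINUX_URL" || return 1
    if ! verify_tarball ies4linux-latest.tar.gz "$EXPECTED_SHA256"; then
        echo "SHA-256 mismatch: not extracting or running the installer" >&2
        return 1
    fi
    tar xzvf ies4linux-latest.tar.gz || return 1
    # The tarball unpacks into a versioned directory; the installer is interactive.
    cd ies4linux-*/ && ./ies4linux
}
# Afterwards ~/bin/ie6 launches Internet Explorer 6, as described above.
```

Run it as install_ies4linux, optionally with a download directory. The verification step is the only part that differs from typing the article's commands by hand: without a known digest the script stops before extraction, which is the behaviour you want for anything fetched over HTTP and then executed.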

Known issues

There are a number of known issues with the Internet Explorer version installed by IEs4Linux. Some of these include:

  • VML does not work.
  • PNG transparency does not work even when using hacks (a consequence of the "CSS filter" bug).
  • Windows Update does not work.
  • JavaScript error dialog does not open.
  • Modified toolbars are not saved.
  • ActiveX may not work with some special cases.

The install of Internet Explorer made by IEs4Linux doesn't have the JavaScript debugging enabled by default, which can be quite frustrating when you know there is a bug on the page, but can't get the error message. To get around this, you will need to enable JavaScript debugging.

In the menu bar, go to Tools | Internet Options to open the Internet Options dialog. Next, click the Advanced tab and scroll down to the Browsing section. Uncheck the list item Disable Script Debugging.


Hide the last logon in Windows 2000 Professional

By default, Windows 2000 Professional automatically shows in the logon dialog box the user name of the account last used to log on to the computer. This saves the time and trouble of typing the user name for every logon, which is convenient if there's only one person using the computer or if someone uses it more frequently than anyone else.

Since you need an account as well as a password to log on, displaying the user name isn't a security risk per se, but it can weaken security in environments where security is critical. After all, knowing a valid account name is half the battle in hacking into a system. The solution? Hide the last logon from the dialog box, forcing the user to type the user name each time he or she logs on.

You hide the user name by defining a security policy setting. You can define the setting locally or inherit the setting through the domain security policy. If the policy is defined at both locations, the domain policy takes precedence and overrides the local policy. Here's how:

  1. Open the Administrative Tools folder in the Control Panel and then open the Local Security Policy object.
  2. Expand the Local Policies/Security Options branch.
  3. Double-click the setting Do Not Display Last User Name In Logon Screen.
  4. Click Enabled, then click OK and close the Local Security Settings console.

The change will take effect at the next logon.


10 tips for securing Apache

One of the reasons that Apache powers over half of the world's domains is its track record when it comes to being a safe and secure Web operating environment. The Apache group has done a great job at keeping its product safe and, at the times when the product has been found to have a defect related to security, the Apache group gets a patch out as quickly as possible.

However, even with Apache's focus on producing a secure product, the Web server can still be vulnerable to any number of attacks if you fail to take some security precautions as you build your server.

In this article, I will provide you with 10 tips that will help you keep your Apache Web server protected from predators. Bear in mind that you need to carefully evaluate each of these tips to make sure that they are right for your organization.

Harden your operating system and keep it current

If your operating system is not properly installed and secured, or you have failed to keep current on OS security releases, your Apache installation could be compromised through an avenue totally unrelated to the Web server itself. Keep up to date on all security patches and services packs.

Further, take recommended steps to harden your operating system. In most cases, this means only installing services that are absolutely necessary for your system, turning off unnecessary protocols, using ACLs to define what kind of traffic can get to the system, and from where that traffic can originate.

Also make sure your server runs antivirus and antispyware software and that these software packages are kept current.

Beyond the OS, make sure that your network is well-protected with a firewall and appropriate intrusion detection systems are in place.

Install only what you need

One of Apache's greatest strengths -- its flexibility and sheer number of installable modules -- can also be a great weakness when it comes to security. The more you install, the larger the attack surface you create for a would-be hacker. A standard Apache install includes more than twenty modules, including CGI capability and some authentication mechanisms. If you don't plan to use CGI, are only going to serve a static site, and don't need users to authenticate, you may not need any of the services offered by either of these modules; disable them at the time you install Apache.

If you've inherited a running Apache server and do not want to reinstall it, go through the httpd.conf configuration file and look for lines that start with LoadModule. Check the Apache documentation (or Google) to find information about the purpose of each module and comment out the modules that you don't need. Afterwards, restart Apache.

Less disclosure equals less information for a hacker

You know by now that Apache is helpful. After all, it's easy to install and fairly easy to administer. Unfortunately, many Apache installations tend to be too helpful by providing perfect strangers with information about your server, such as the Apache version number and information related to your operating system. With this information, a potential hacker can go after specific exploits that may affect your system, particularly if you haven't been able to stay current with all patches. Now, instead of a hacker's exploit attempt being handled by trial and error, he knows exactly what you're running and he can tailor his attack.

To help keep your server from broadcasting sensitive information, make sure the "ServerSignature" directive in httpd.conf is set to "off". As a note, a default Apache installation sets this directive to off by default, but many administrators enable it. Figures A and B show you the result of changing this directive.

Figure A

This is a sample 404 page when you have ServerSignature set to 'on'.

Figure B

This is the same page, but the ServerSignature directive is set to 'off'.

Likewise, it's a good idea to disable directory browsing. When directory browsing is enabled, users that browse to a directory that does not contain a default document are instead provided with a complete list of the contents of that directory. While you shouldn't store sensitive materials in plain text on a Web server unless you have to, you shouldn't allow people to see more than they need.

Directory browsing is enabled by default. To disable this feature, edit the httpd.conf file; and, for each "Directory" directive, remove the "Indexes" reference.

For example, on my lab Apache 2.2.4 server, this is the default Directory directive (the path in the opening tag is a placeholder for your document root):

<Directory "/path/to/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Remove the Indexes reference so that this reads:

<Directory "/path/to/htdocs">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

You can also leave the Indexes directive and precede it with a dash to disable the directive (i.e., "-Indexes").

Figures C and D show you the results of this change.

Figure C

This is a sample folder on a server for which directory browsing is allowed.

Figure D

This is the same folder with the Indexes directive removed.

Run mod_security

Mod_security, an Apache module written by Ivan Ristic, provides Apache with a front-end firewall through which all incoming requests are filtered before being sent on to other Web server modules. Among other features, mod_security includes:

  • As indicated above, powerful request filtering that also works for HTTPS traffic.
  • Anti-evasion techniques, such as the removal of null bytes, multiple slashes, etc., from URLs.
  • Identity obfuscation. The identity of the Web server can be changed to thwart hackers.
  • Full audit logging for future analysis if necessary.

Among the reasons mod_security was developed was to protect servers prone to SQL injection attacks from being compromised and their databases lost. In a SQL injection attack, SQL code is passed to a database process via a URL. If proper precautions aren't taken, an Internet miscreant could send a command such as "DROP DATABASE" through a URL string and render a Web site useless in a matter of seconds.

Mod_security does much more than what I've outlined here. Visit the mod_security Web site for a more thorough overview of this module.

Run Apache as a non-privileged user

Under Apache 2.2.4, the default Apache installation sets the User and Group directives in httpd.conf to daemon (a good change). In older versions of Apache, these values were often set to nobody, which, under certain situations, can have significant security implications, particularly since other services often run as this user as well. Depending on who you talk to, use of the nobody account for running services and for owning files can go either direction.

So, change it.

Generally, administrators that decide to take this step create a user and group on their Apache server named "Apache", and the Apache service runs under this account. Files related to the web site are then made readable by this account.

To make this change, open the httpd.conf file and change the contents of the User and Group directives to "Apache", or the account name you have selected.

You will likely need to also make changes to the file permissions and ownership of the files in your Apache directory as well.

Disable the following of symbolic links

If you're the only person providing Web content to the world -- and you rarely make mistakes when you create new symbolic links -- you may not have to worry about this step. If, however, you have many people adding content directly to your site, and they are not as savvy as you, there is a risk that a user may accidentally create a symbolic link to a part of your file system that you really don't want people to be able to see. For example, what would you do if someone, in your Apache server's document root directory, created a symbolic link to the "/" folder?

To disable the ability for Apache to allow users to follow symbolic links in their requests, remove the FollowSymLinks directive on your Directory commands.

For example, on my lab Apache 2.2.4 server, this is the Directory directive (the path in the opening tag is a placeholder for your document root):

<Directory "/path/to/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Remove the FollowSymLinks reference so that this reads:

<Directory "/path/to/htdocs">
    Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

If some users need the ability to follow symbolic links, consider the use of the SymLinksIfOwnerMatch directive instead.

Be specific on the Listen directive

When you first install Apache, the httpd.conf file is populated with a directive that reads "Listen 80". Shore things up and change this to "Listen ww.xx.yy.zz:80", where the "ww.xx.yy.zz" is the IP address on which you want Apache to listen for requests. This is especially important if you have Apache running on a server with multiple IP addresses. If you don't take this precaution, the default "Listen 80" directive tells Apache to listen to every IP address on port 80.

Depending on your environment, this may not be important.

Don't allow users near the root directory

Under no circumstances should you allow users (or Apache) access to files and directories higher up the folder hierarchy. Apache 2.2.4 includes a restrictive option that achieves most of the goal, but still leaves the FollowSymLinks option available for the root ("/") folder.


<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

It's better to turn this option off. Change your httpd.conf to reflect the following:


<Directory />
    Options None
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

Remove the default comments from httpd.conf

Apache 2.2.4's default httpd.conf file exceeds 400 lines. Of these 400 lines, only a fraction are actually Apache directives. The rest are nothing but comments designed to help you place appropriate directives into httpd.conf. In my experience with Apache, I've found that the comments get in the way to such an extent that you may leave dangerous directives in the file. One of the first things I've done on many Apache servers I've managed is to copy the httpd.conf file to something else (say, httpd.conf.orig) and then totally strip out the superfluous comments. The file becomes much more readable and you're less likely to overlook a potential security problem or make a mistake with your configuration.

Protect Apache from Denial of Service (DoS) attacks

While you can never completely protect yourself from DoS attacks, Apache provides you with a number of directives that you should consider manipulating to help protect your server from these kinds of affronts. Table A lists the directives recommended for review by the Apache group for servers that may become the subject of a DoS attack.

Table A

Directive | Apache 2.2/2.3 default | Advice/Description
TimeOut | 300 seconds | Should be lowered on sites that are subject to DoS attacks. Setting this to as low as a few seconds may be appropriate, but could pose problems for some CGI scripts.
KeepAliveTimeout | 5 seconds | May also be lowered or even disabled (not recommended) on sites that are subject to DoS attacks.
LimitRequestBody | 0 bytes (unlimited) | Restricts the total size of the HTTP request body sent from the client. If DoS attacks are occurring as a result of large requests, limit the request size.
LimitRequestFields | 100 fields | Limits the number of HTTP request header fields that will be accepted from the client. If DoS attacks are occurring as a result of too many HTTP request headers, lower this number.
LimitRequestFieldSize | 8190 bytes | Limits the size of each HTTP request header field allowed from the client.
LimitRequestLine | 8190 bytes | Sets the number of bytes that will be allowed on the HTTP request-line.
MaxClients | 256 requests | Sets the limit on the number of simultaneous requests that will be served.
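
The directives from the tips above (ServerSignature, Indexes and FollowSymLinks in Options, the Listen address, the User and Group account, TimeOut and LimitRequestBody) checked by a small audit script, added here as an example; it is not part of the article or of Apache. It reads an httpd.conf, drops comments so commented-out directives are ignored, and prints one finding per setting that is still in the state the tips warn about. The two sample configurations it can write are constructed for this example, with a made-up document root path; the ServerTokens Prod line in the hardened sample is not discussed in the article but trims the version details in the Server response header, which ServerSignature Off alone does not touch.

```shell
#!/bin/sh
# Added example, not from the article: audit an httpd.conf for the settings
# the tips recommend and print one finding per line.
# Usage on a real server: audit_httpd_conf /path/to/httpd.conf

# Active (non-comment, non-blank) lines of FILE.
active_lines() {
    sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# Last value given for DIRECTIVE in the lines on stdin (empty if unset).
last_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { print v }'
}

audit_httpd_conf() {
    lines=$(active_lines "$1")

    # ServerSignature On appends the version string to server-generated pages.
    printf '%s\n' "$lines" | grep -Eiq '^[[:space:]]*ServerSignature[[:space:]]+On' \
        && echo "ServerSignature On: version string appears on error pages"

    # Indexes (but not -Indexes) in an Options line enables directory listings.
    printf '%s\n' "$lines" | grep -Ei '^[[:space:]]*Options' | grep -Eq '(^|[[:space:]+])Indexes' \
        && echo "Options Indexes: directory browsing is enabled"

    # FollowSymLinks lets a request traverse any symlink under the tree.
    printf '%s\n' "$lines" | grep -Ei '^[[:space:]]*Options' | grep -Eq '(^|[[:space:]+])FollowSymLinks' \
        && echo "Options FollowSymLinks: consider SymLinksIfOwnerMatch instead"

    # Listen with only a port binds every IP address on that port.
    printf '%s\n' "$lines" | grep -Eiq '^[[:space:]]*Listen[[:space:]]+[0-9]+[[:space:]]*$' \
        && echo "Listen <port> without an address: Apache binds every IP address"

    # nobody is shared with other daemons; Apache should have its own account.
    printf '%s\n' "$lines" | grep -Eiq '^[[:space:]]*(User|Group)[[:space:]]+nobody' \
        && echo "User/Group nobody: run Apache under a dedicated account"

    # TimeOut unset keeps the 300-second default, which suits a DoS attacker.
    timeout=$(printf '%s\n' "$lines" | last_value TimeOut)
    if [ -z "$timeout" ]; then
        echo "TimeOut not set: the default of 300 seconds applies"
    elif [ "$timeout" -ge 300 ]; then
        echo "TimeOut $timeout: lower it on sites exposed to DoS"
    fi

    # LimitRequestBody unset or 0 means request bodies are unlimited.
    body=$(printf '%s\n' "$lines" | last_value LimitRequestBody)
    if [ -z "$body" ] || [ "$body" -eq 0 ]; then
        echo "LimitRequestBody unset or 0: request body size is unlimited"
    fi
    return 0
}

# Number of findings for FILE.
count_findings() {
    audit_httpd_conf "$1" | wc -l | tr -d ' '
}

# write_sample_conf weak|hardened FILE: constructed samples for this example.
# "weak" keeps the defaults the tips warn about; "hardened" applies the tips.
write_sample_conf() {
    case "$1" in
    weak) cat > "$2" <<'EOF'
ServerSignature On
Listen 80
User nobody
Group nobody
<Directory "/srv/www/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
EOF
    ;;
    hardened) cat > "$2" <<'EOF'
ServerSignature Off
ServerTokens Prod
Listen 192.0.2.10:80
User apache
Group apache
TimeOut 60
KeepAliveTimeout 5
LimitRequestBody 1048576
<Directory />
    Options None
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>
<Directory "/srv/www/htdocs">
    Options -Indexes SymLinksIfOwnerMatch
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
EOF
    ;;
    esac
}
```

The script looks at directives line by line and does not track which Directory block an Options line belongs to, so a FollowSymLinks finding may come from a block where you deliberately allow it; read each finding in context before changing the file. Against the "weak" sample it reports seven findings and against the "hardened" sample none.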
